异构无线网络可控匿名漫游认证协议

分析传统的匿名漫游认证协议,指出其存在匿名不可控和通信时延较大的不足,针对上述问题,本文提出异构无线网络可控匿名漫游认证协议,远程网络认证服务器基于1轮消息交互即可完成对移动终端的身份合法性验证;并且当移动终端发生恶意操作时,家乡网络认证服务器可协助远程网络认证服务器撤销移动终端的身份匿名性.本文协议在实现匿名认证的同时,有效防止恶意行为的发生,且其通信时延较小.安全性证明表明本文协议在CK安全模型中是可证安全的.     

移动漫游中强安全的两方匿名认证密钥协商方案

由于低功耗的移动设备计算和存储能力较低,设计一种高效且强安全的两方匿名漫游认证与密钥协商方案是一项挑战性的工作.现有方案不仅计算开销较高,而且不能抵抗临时秘密泄露攻击.针对这两点不足,提出一种新的两方匿名漫游认证与密钥协商方案.在新方案中,基于Schnorr签名机制,设计了一种高效的基于身份签密算法,利用签密的特性实现实体的相互认证和不可追踪;利用认证双方的公私钥直接构造了一个计算Diffie-Hellman（Computational Diffie-Hellman,CDH）问题实例,能抵抗临时秘密泄露攻击.新方案实现了可证明安全,在eCK（extended Canetti-Krawczyk）模型基础上,探讨两方漫游认证密钥协商方案安全证明过程中可能出现的情形,进行归纳和拓展,并给出新方案的安全性证明,其安全性被规约为多项式时间敌手求解椭圆曲线上的CDH问题.对比分析表明：新方案安全性更强,需要实现的算法库更少,计算和通信开销较低.新方案可应用于移动通信网络、物联网或泛在网络,为资源约束型移动终端提供漫游接入服务.     

无线网络中基于无证书聚合签名的高效匿名漫游认证方案

针对无线移动网络漫游认证中的隐私保护需求,提出了新的匿名漫游认证方案。引入在线离线签名技术,并巧妙结合聚合验证方法,设计了一个无证书聚合签名方案。与相关方案相比,该签名方案降低了签名和验证过程的计算开销,提高了通信效率。继而,基于该签名方案,提出了一种新型高效的匿名漫游认证方案,简化了传统的三方漫游认证模型。理论分析结果表明,该方案安全、有效,特别适用于大规模无线移动网络。     

移动计算中基于椭圆曲线的匿名签名算法

移动代码(例如移动代理)在异地执行签名时往往不希望暴露其所有者的私有密钥,本文提出了一种基于椭圆曲线的移动代码匿名签名算法,依据该算法,移动代码所有者可以利用椭圆曲线根据自己的身份信息为移动代码生成一个认证矢量和一个临时性密钥对,并通过它们实现了移动代码匿名签名以及签名后的不可否认性.该算法除具有匿名性和不可否认性以外,还具有高效性、保密性和不可伪造性等特点,可广泛应用于各种具有代码移动特性的移动计算.     

面向云服务的安全高效无证书聚合签名车联网认证密钥协商协议

针对目前车联网认证密钥协商协议效率低下以及车辆公私钥频繁更新的问题,提出一个基于无证书聚合签名的车联网匿名认证与密钥协商协议.本方案通过引入临时身份和预签名机制实现对车辆的隐私保护以及匿名认证,同时通过构建临时身份索引数据库,实现可信中心对可疑车辆的事后追查,满足车辆的条件匿名性要求.此外,本方案中车辆的公私钥不随其临时身份动态改变,有效避免了已有方案公私钥频繁更新带来的系统开销.同时,为了提供高效的批量认证,采用无双线性对的聚合签名技术,实现了车辆签名的动态聚合和转发,有效降低了签名传递的通信量和云服务器的验证开销.本文方案在eCK模型和CDH问题假设下被证明是形式化安全的.     

一种后向撤销隐私安全的车载自组织网络快速匿名消息认证协议

该文提出适用于车载自组织网络的快速匿名消息认证协议。通过使用基于身份的签密技术,车辆行驶至某区域后,与该区域中心相互认证,获取其所维护的周期性群签名系统密钥材料。之后,该车辆能够使用获取的密钥材料对向网络中广播的携带有群签名的消息,实现消息的匿名认证。网络中的车辆收到其它车辆广播消息之后,仅需验证群签名的合法性,避免验证消息的签发者是否是撤销用户。此外,所采用的群签名算法支持批验证运算,能够快速处理短期内收到的多个消息。除了避免撤销验证特性之外,与已有的文献相比,文中的方案能够完善地保护撤销用户的后向隐私安全性。     

5G-V2X中基于轨迹预测的安全高效群组切换认证协议

针对5G-V2X场景中大量车辆执行切换认证的效率问题，提出了一种基于轨迹预测的安全高效群组切换认证协议。首先，通过预测车辆轨迹，提前完成密钥协商协议。其次，通过用户分组算法将具有移动相关性的车辆视为同一群组，再采用无证书聚合签名技术批量验证群组内所有车辆。再次，针对聚合签名技术易遭受拒绝服务攻击的弊端，采用二分查找法快速定位恶意用户，提高群组切换认证协议的效率。最后，利用形式化验证工具Scyther对所提协议进行了安全性分析，与现有最优协议相比，所提协议的计算效率提高了30%。     

具有快速ID匿名的移动IP注册协议

针对移动IP注册过程中的匿名和认证问题,提出一个具有快速ID匿名的移动IP注册协议。该协议安全性是基于椭圆曲线CDH问题,通过构造临时ID保证真实ID的匿名性,每次注册请求中的临时ID都在不断变化,实现了用户ID的匿名性和位置隐蔽性。     

新颖的移动代理动态数据完整性保护协议

通过引入攻击者能力来对完整性的强弱进行划分和定义，在此基础上，分析了合谋情况下对动态数据进行截断攻击的问题，并给出了一个新颖的移动代理数据保护协议，该协议通过引入反向签名机制，形成一条从源节点到当前节点的信任链，实现对漫游路径的完整性保护，很好地解决了合谋情况下对动态数据的截断攻击，为自由漫游移动代理提供了更强的完整性保护。还使用形式化方法对协议的安全属性进行了分析验证。     

可信的匿名无线认证协议

提出一种可信的匿名无线认证协议,对移动用户身份进行认证的同时验证用户终端平台可信性,认证过程的每阶段使用不同的临时身份和一次性密钥,保持用户身份和平台信息的匿名性,分析表明协议安全可靠,具有域分离特性和密钥协商公正性,计算代价和消息交互轮数满足无线移动网络环境需求.     

Anonymity handover authentication protocol based on group signature for wireless Mesh network

In order to ensure that the Mesh network mobile client video,voice and other real-time strong applications without interruption,a secure and efficient handover authentication was very important.To protect the privacy of mobile nodes,an anonymity handover authentication protocol was proposed based on group signature for wireless mesh network.Compared with other handover authentication protocols based on group signature,the proposed scheme did not involve the group signature correlation operation,and the group signature algorithm was only carried out on the router.The pro-posed protocol not only enhances the security but also performs well in authentication efficiency and privacy-preserving.     

Design and Validation of an Efficient Authentication Scheme with Anonymity for Roaming Service in Global Mobility Networks

Designing a user authentication protocol with anonymity for the global mobility network (GLOMONET) is a difficult task because wireless networks are susceptible to attacks and each mobile user has limited power, processing and storage resources. In this paper, a secure and lightweight user authentication protocol with anonymity for roaming service in the GLOMONET is proposed. Compared with other related approaches, our proposal has many advantages. Firstly, it uses low-cost functions such as one-way hash functions and exclusive-OR operations to achieve security goals. Having this feature, it is more suitable for battery-powered mobile devices. Secondly, it uses nonces instead of timestamps to avoid the clock synchronization problem. Therefore, an additional clock synchronization mechanism is not needed. Thirdly, it only requires four message exchanges between the user, foreign agent and home agent. Further, the security properties of our protocol are formally validated by a model checking tool called AVISPA. We also demonstrate that this protocol enjoys important security attributes including prevention of various attacks, single registration, user anonymity, no password table, and high efficiency in password authentication. Security and performance analyses show that compared with other related authentication schemes, the proposed scheme is more secure and efficient.     

Strong roaming authentication technique for wireless and mobile networks

When one considers the broad range of wirelessly connected mobile devices used today, it is clear that integrating such network‐enabled devices into secure roaming over wireless networks is of essential importance. Over the years, many authentication protocols have been suggested to address this issue. Among these protocols, the recently proposed privacy‐preserving universal authentication protocol, Priauth, exceeds the security and efficiency of other authentication techniques. This paper studies the existing roaming authentication protocols and shows that they are not strong enough to provide secure roaming services in three aspects. Further, using Priauth as an example, we propose efficient remedies that fix the weaknesses. The experimental results show that the proposed approaches are feasible in practice. Copyright © 2012 John Wiley & Sons, Ltd.     

Lightweight and provably secure user authentication with anonymity for the global mobility network

Seamless roaming in the global mobility network (GLOMONET) is highly desirable for mobile users, although their proper authentication is challenging. This is because not only are wireless networks susceptible to attacks, but also mobile terminals have limited computational power. Recently, some authentication schemes with anonymity for the GLOMONET have been proposed. This paper shows some security weaknesses in those schemes. Furthermore, a lightweight and provably secure user authentication scheme with anonymity for the GLOMONET is proposed. It uses only symmetric cryptographic and hash operation primitives for secure authentication. Besides, it takes only four message exchanges among the user, foreign agent and home agent. We also demonstrate that this protocol enjoys important security attributes including prevention of various attacks, single registration, user anonymity, user friendly, no password/verifier table, and use of one‐time session key between mobile user and foreign agent. The security properties of the proposed protocol are formally validated by a model checking tool called AVISPA. Furthermore, as one of the new features in our protocol, it can defend smart card security breaches. Copyright © 2010 John Wiley & Sons, Ltd.     

An enhanced secure delegation-based anonymous authentication protocol for PCSs

Rapid development of wireless networks brings about many security problems in portable communication systems (PCSs), which can provide mobile users with an opportunity to enjoy global roaming services. In this regard, designing a secure user authentication scheme, especially for recognizing legal roaming users, is indeed a challenging task. It is noticed that there is no delegation-based protocol for PCSs, which can guarantee anonymity, untraceability, perfect forward secrecy, and resistance of denial-of-service (DoS) attack. Therefore, in this article, we put forward a novel delegation-based anonymous and untraceable authentication protocol, which can guarantee to resolve all the abovementioned security issues and hence offer a solution for secure communications for PCSs.     

Partially blind proxy re-signature scheme with proven security

In order to solve the problem of anonymity and controllability of blind proxy re-signature,the concept of partially blind proxy re-signature was introduced by using the idea of partially blind signature.Furthermore,the security definition of partially blind proxy re-signature was also given.Based on the improved Shao scheme,a partially blind proxy re-signature scheme in the standard model was proposed.The proposed scheme allows proxy to add some public information negotiated by delegatee and proxy to re-signature.The scheme not only can achieve the transparent signature conversion from delegatee to proxy and protect privacy of message re-signed by proxy,but also prevented illegal use of re-signature.Analysis results show that the proposed scheme is correct,multi-use,partially blind and existentially unforgeable.It is more suitable for e-government data exchange system,cross-domain authentication system and so on.     

A Secure and Effective Anonymous Authentication Scheme for Roaming Service in Global Mobility Networks

Recently, Mun et al. analyzed Wu et al.’s authentication scheme and proposed an enhanced anonymous authentication scheme for roaming service in global mobility networks. However, through careful analysis, we find that Mun et al.’s scheme is vulnerable to impersonation attacks and insider attacks, and cannot provide user friendliness, user’s anonymity, proper mutual authentication and local verification. To remedy these weaknesses, we propose a novel anonymous authentication scheme for roaming service in global mobility networks. Compared with previous related works, our scheme has many advantages. Firstly, the secure authenticity of the scheme is formally validated by an useful formal model called BAN logic. Secondly, the scheme enjoys many important security attributes including prevention of various attacks, user anonymity, no verification table, local password verification and so on. Thirdly, the scheme does not use timestamp, thus it avoids the clock synchronization problem. Further, the scheme contains the authentication and establishment of session key scheme when mobile user is located in his/her home network, therefore it is more practical and universal for global mobility networks. Finally, performance and cost analysis show our scheme is more suitable for low-power and resource limited mobile devices and thus availability for real implementation.